One of the biggest mistakes organisations make when implementing an enterprise mobility management (EMM) programme is they don't have a clear goal from the early stages on what they aim to achieve, they don't identify their target audience, the value it will add to the staff and the organisation, and the type of problems it aims to resolve within the organisation.
Understanding the main objectives of EMM implementation will help the staff understand why they have to use it, while helping the organisation calculate the costs, return on investment and the security risks involved.
This was according to Chris Holland, head of research and emerging technologies at Nedbank, speaking in a panel discussion at the IT Web Enterprise Mobility Summit in Johannesburg yesterday.
The discussion, facilitated by Alan Knott-Craig Jnr, chairman of Hero Telecoms and founder of Project Isizwe, focused on the challenges encountered by organisations when implementing EMM and mobile device management (MDM) strategies.
Zama Swana, IT manager at medical scheme company, Allcare Administrators, said oftentimes when organisations introduce enterprise mobility apps, not all employees are keen on using them due to the limitations and restrictions they pose. Users may feel their own devices are bogged down with endless security barriers such as passwords and usernames.
"Organisations should understand the effect of these limitations while also being aware of the implications of not putting them in place. In our organisation, we have implemented a few in-house apps. However one of the challenges we are experiencing is deploying a system to monitor those apps as users are constantly downloading information, and we need to be prepared security-wise," explained Swana.
Leenesh Singh, head of mobile at insurance company Liberty Life, explained when his organisation implemented MDM, the aim was to take control of the risks associated with BYOD, but some employees were not happy about the processes involved.
"We implemented password protect on our employees' mobile phones. This frustrated them as they found the pin lock inconvenient, especially those who did not want to access company resources on their mobile devices," Singh pointed out.
Security risks
Swana believes workforce mobility is one of the most complex IT developments because it introduces huge risks to data loss and data protection within organisations.
"Security can pose high risks, the ability to just take mobile apps and interface them with your organisation systems and give employees access to these could mean that anything can happen should they lose their devices. Boundaries need to be established while also striking the balance between mobile enterprise risksand rewards for employees," she advised.
Discussing the impact of the Protection of Personal Information Act (POPI), Singh noted the Act is often misinterpreted, adding that organisations should understand its objectives, which are ultimately to protect the sensitive information of clients and employees.
"In terms of POPI, there are heavy principles to apply such as accountability and compliance. Most of the information that is stored in these enterprise apps is personal information which is stored in the cloud services. Therefore it can be a mission for organisations to follow the right processes and comply with POPI regulations.
"Our organisation had to communicate with regulators to ensure our information is secure. Moreover, clients and employees need to always provide consent to the organisation in possession of their details," he continued.
Holland observed anyone with an IT background should understand that there are policies to put down for staff and if the end solution cannot put those policies on their mobile devices, then that will create a problem.
"In the advent of POPI, organisations should institute policies using good MBM software, and make sure their policies are well audited and that they have been moved over to mobile device platforms. Companies need to understand the dynamics involved with mobile device regulatory compliance without just pushing the responsibility over to the IT department," concluded Holland.
Share